GHSA-VFF3-PQQ8-4CPQ Craft Commerce: Potential IDOR in Commerce carts
An Insecure Direct Object Reference IDOR vulnerability exists in Craft Commerce’s cart functionality that allows users to hijack any shopping cart by knowing or guessing its 32-character number. This vulnerability enables the takeover of shopping sessions and potential exposure of PII...